Leicester City FC announced in June that a hacker had broken into the club’s online shop and managed to steal fans’ financial details, including cardholder names, card numbers, expiry dates and CVV numbers. This may affect anyone who has made a purchase through Leicester City FC’s online shop.
The ICO (Information Commissioner’s Office) is investigating the breach, with a high possibility of revealing a violation of GDPR and of PCI DSS (the Payment Card Industry Data Security Standard).
The GDPR came into effect in May last year and states that organisations must take “appropriate technical and organisational measures” to protect personal data.
Encryption is a standard method used within the industry to secure data. It is an explicit requirement when it comes to PCI DSS and recommended for GDPR compliance.
During the investigation the club will need to answer why card numbers had been stored alongside the CVV numbers. The CVV number is a security measure to ensure that the person making the purchase possesses the payment card, and the customer should be asked to enter it on every visit. It should never be saved by the vendor.
Leicester FC could face a fine of up to £17 million if the ICO proves a violation of GDPR.
It is important to ensure high standards of security when it comes to any customer data your business may hold.
Our bespoke Cyber Security Consultation will help you identify the right solutions for you and your business.
One of our team will visit you at your site to review your present network configuration and your cyber security needs. From staff training to network and security infrastructure, we can guide you through the options available.
If your business needs a Cyber Security Consultation, contact Ascent Cyber today.